Date: Thu, 16 Sep 2004 04:12:41 -0000 From: Max Laier <max@love2party.net> To: pf4freebsd@freelists.org Subject: [pf4freebsd] Re: why multiple CARP groups Message-ID: <200408172154.06428.max@love2party.net> In-Reply-To: <200408172022.21707.max@love2party.net> References: <200408052130.51026.max@love2party.net> <4121C8A1.40304@hgdbroadband.com> <200408172022.21707.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tuesday 17 August 2004 20:22, Max Laier wrote: > On Tuesday 17 August 2004 10:58, sam wrote: > > Hi, > > > > I need to get adviced by someone for the usage of CARP+pfsync. > > With the BIG example as described in the following page: > > http://www.countersiege.com/doc/pfsync-carp/#big > > I don't understand why create a different CARP group for each > > application server instead of using only one CARP interface for 4 > > internal application servers is better. > > > > With only one CARP address for 4 application servers, traffic still can > > be redirected to another app server if one is died. Unless one CARP > > address is not efficient. > > > > Can anyone please explain the difference using multiple CARP groups > > instead of one CARP address? > > The example uses a "rdr source-hash" rule to load balance over the four > virtual addresses. You cannot use the CARP version of source-hash as the > clients are behind the firewalls and will not balance as a result. Sorry, meant to say: "You cannot use the CARP arpbalance ..." with the same effect and (now much clearer (I hope)) reasoning. The servers will see only the firewall arps and not those of the clients. While they will indeed see the IP-Addresses, but CARP loadbalances on the arp-level. This is uses to loadbalance between the two firewalls, btw. > If one server dies one of the remaining 3 takes over and has to take twice > the load until the failed server comes back (or the admin modifies the rdr > rule). -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD4DBQBBImJeXyyEoT62BG0RAk7HAJjX91CFCXnVbuafU77ERaklBhpbAJ4gjt1n U0UgIfGgNXj88b89pYACWA== =OI5p -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408172154.06428.max>